Problem using system-config-securitylevel - Redhat



Thread: Problem using system-config-securitylevel

  1. Problem using system-config-securitylevel


    I have a FC4 with system-config-securitylevel 1.5.8.1
    The firewall, that I configured with it, always worked well.
    A few days ago I noticed that it didn't start any more at boot (I don't
    remember exactly the error and boot.log is empty on FC4). So I tried:
    # /sbin/service iptables restart
    obtaining the following output:

    Applicazione delle regole firewall iptables: /sbin/iptables-restore: line 2: *filter: command not found
    /sbin/iptables-restore: line 3: :FORWARD: command not found
    /sbin/iptables-restore: line 4: :INPUT: command not found
    /sbin/iptables-restore: line 5: :OUTPUT: command not found
    /sbin/iptables-restore: line 6: :RH-Firewall-1-INPUT: command not found
    /sbin/iptables-restore: line 7: -A: command not found
    /sbin/iptables-restore: line 8: -A: command not found
    /sbin/iptables-restore: line 9: -A: command not found
    /sbin/iptables-restore: line 10: -A: command not found
    /sbin/iptables-restore: line 11: -A: command not found
    /sbin/iptables-restore: line 12: -A: command not found
    /sbin/iptables-restore: line 13: -A: command not found
    /sbin/iptables-restore: line 14: -A: command not found
    /sbin/iptables-restore: line 15: -A: command not found
    /sbin/iptables-restore: line 16: -A: command not found
    /sbin/iptables-restore: line 17: -A: command not found
    /sbin/iptables-restore: line 18: -A: command not found
    /sbin/iptables-restore: line 19: -A: command not found
    /sbin/iptables-restore: line 20: -A: command not found
    /sbin/iptables-restore: line 21: -A: command not found
    /sbin/iptables-restore: line 22: -A: command not found
    /sbin/iptables-restore: line 23: -A: command not found
    /sbin/iptables-restore: line 24: -A: command not found
    /sbin/iptables-restore: line 25: COMMIT: command not found [FALLITO]

    I can't understand why it's talking about /sbin/iptables-restore

    Is my configuration broken?
    Which files do I have to check?

    I guess everything began after a system-config-securitylevel upgrade or
    after some manual modifications to the iptables rules that I did, with a
    final iptables-save.

    Please, can anyone help?
    Thanks.
    Licia.

  2. Re: Problem using system-config-securitylevel

    IloChab wrote:
    > I have a FC4 with system-config-securitylevel 1.5.8.1
    > The firewall, that I configured with it, always worked well.
    > A few days ago I noticed that it didn't start any more at boot (I don't
    > remember exactly the error and boot.log is empty on FC4). So I tried:
    > # /sbin/service iptables restart
    > obtaining the following output:
    >
    > Applicazione delle regole firewall iptables: /sbin/iptables-restore: line 2: *filter: command not found
    > /sbin/iptables-restore: line 3: :FORWARD: command not found
    > /sbin/iptables-restore: line 4: :INPUT: command not found
    > /sbin/iptables-restore: line 5: :OUTPUT: command not found
    > /sbin/iptables-restore: line 6: :RH-Firewall-1-INPUT: command not found
    > /sbin/iptables-restore: line 7: -A: command not found
    > /sbin/iptables-restore: line 8: -A: command not found
    > /sbin/iptables-restore: line 9: -A: command not found
    > /sbin/iptables-restore: line 10: -A: command not found
    > /sbin/iptables-restore: line 11: -A: command not found
    > /sbin/iptables-restore: line 12: -A: command not found
    > /sbin/iptables-restore: line 13: -A: command not found
    > /sbin/iptables-restore: line 14: -A: command not found
    > /sbin/iptables-restore: line 15: -A: command not found
    > /sbin/iptables-restore: line 16: -A: command not found
    > /sbin/iptables-restore: line 17: -A: command not found
    > /sbin/iptables-restore: line 18: -A: command not found
    > /sbin/iptables-restore: line 19: -A: command not found
    > /sbin/iptables-restore: line 20: -A: command not found
    > /sbin/iptables-restore: line 21: -A: command not found
    > /sbin/iptables-restore: line 22: -A: command not found
    > /sbin/iptables-restore: line 23: -A: command not found
    > /sbin/iptables-restore: line 24: -A: command not found
    > /sbin/iptables-restore: line 25: COMMIT: command not found [FALLITO]
    >
    > I can't understand why it's talking about /sbin/iptables-restore

    In /etc/rc.d/init.d/iptables the following sequence appears ...

    start() {
    # Do not start if there is no config file.
    [ -f "$IPTABLES_DATA" ] || return 1

    echo -n $"Applying $IPTABLES firewall rules: "

    OPT=
    [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"

    $IPTABLES-restore $OPT $IPTABLES_DATA
    IPTABLES is defined as _iptables_, so that is where it is being called;
    i.e., at boot time (or anytime you do _iptables start_).

    $ ls -l /sbin/iptables*
    -rwxr-xr-x 1 root root 47568 Dec 17 2003 /sbin/iptables
    -rwxr-xr-x 1 root root 51872 Dec 17 2003 /sbin/iptables-restore
    -rwxr-xr-x 1 root root 50276 Dec 17 2003 /sbin/iptables-save

    I.e., these programs exist, at least in RHEL 3.

    My guess is that your iptables-restore program is going through your
    /etc/sysconfig/iptables file and something is wrong with it. Mine starts out
    like this:

    # Generated by iptables-save v1.2.8 on Tue Aug 23 06:36:03 2005
    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT DROP [0:0]
    ....

    Perhaps IPTABLES is not defined in your /etc/rc.d/init.d/iptables file.
    Perhaps the PATH when running /etc/rc.d/init.d/iptables does not include
    sbin. Many things to check.
    >
    > Is my configuration broken?
    > Which files do I have to check?
    >
    > I guess everything began after a system-config-securitylevel upgrade or
    > after some manual modifications to the iptables rules that I did, with a
    > final iptables-save.
    >
    > Please, can anyone help?
    > Thanks.
    > Licia.
    --
    .~. Jean-David Beyer Registered Linux User 85642.
    /V\ PGP-Key: 9A2FC99A Registered Machine 241939.
    /( )\ Shrewsbury, New Jersey http://counter.li.org
    ^^-^^ 10:50:00 up 69 days, 4:45, 3 users, load average: 4.23, 4.85, 5.46

  3. Re: Problem using system-config-securitylevel

    On Tue, 23 Aug 2005 11:03:06 -0400, Jean-David Beyer wrote:

    > $ ls -l /sbin/iptables*
    > -rwxr-xr-x 1 root root 47568 Dec 17 2003 /sbin/iptables
    > -rwxr-xr-x 1 root root 51872 Dec 17 2003 /sbin/iptables-restore
    > -rwxr-xr-x 1 root root 50276 Dec 17 2003 /sbin/iptables-save
    >
    > I.e., these programs exist, at least in RHEL 3.

    I have just the same.

    > My guess is that your iptables-restore program is going through your
    > /etc/sysconfig/iptables file and something is wrong with it.

    Mine now is like this:
    # Firewall configuration written by system-config-securitylevel
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
    -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT

    > Perhaps IPTABLES is not defined in your /etc/rc.d/init.d/iptables file.

    IPTABLES=iptables

    > Perhaps the PATH when running /etc/rc.d/init.d/iptables does not include
    > sbin.

    I don't think so, because my error said:
    /sbin/iptables-restore: line 8: -A: command not found
    To me that means it added "/sbin" by itself when resolving
    "$IPTABLES-restore $OPT $IPTABLES_DATA".

    > Many things to check.

    I know ... but I really can't find a workaround.
    Please help.
    Ciao, Licia.
